On 15/02/16 20:52, Jouni Malinen wrote:
> On Mon, Feb 15, 2016 at 07:04:20PM +0000, OpenSSL wrote:
>> OpenSSL version 1.1.0 pre release 3 (alpha)
>>
>> OpenSSL 1.1.0 is currently in alpha. OpenSSL 1.1.0 pre release 3 has now
>> been made available. For details of changes and known issues see the
>> release notes at:
>>
>> http://www.openssl.org/news/openssl-1.1.0-notes.html
>
> It looks like something in pre release 3 has changed behavior in a way
> that results in SSL_CTX_new(SSLv23_method()) failing in some cases. I've
> never seen this with earlier releases. It looks like the error within
> SSL_CTX_new() is in EVP_get_digestbyname("ssl3-md5") returning NULL
> suddenly after a process has called SSL_CTX_new() and SSL_CTX_free()
> multiple times.
>
> Based on a git bisect between OpenSSL_1_1_0-pre2 and OpenSSL_1_1_0-pre3
> tags, it looks like the different behavior was triggered by commit
> 7fa792d14d06cdaca18f225b1d2d8daf8ed24fd7 ('Auto init/de-init libssl').
> That does add a call to
> OPENSSL_INIT_ssl_library_start(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)
> within SSL_CTX_new(), so I guess this is somehow messing up the
> registered digests.
>
> The program in question (wpa_supplicant) calls SSL_load_error_strings(),
> SSL_library_init(), EVP_add_digest(EVP_sha256()),
> EVP_add_cipher(EVP_rc2_40_cbc()), and PKCS12_PBE_add(), but commenting
> these out did not change anything for the issue.
>
> I could not find anything related to this in the release notes either.
>
> Is this a bug somewhere in pre release 3 or is there supposed to be some
> changes needed in applications using OpenSSL to work with this auto
> init/de-init libssl change?

Do you call EVP_cleanup() at any point between creating the SSL_CTX objects?
Matt